Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 603
Alerts This Week
Warning Icon 1 603

Ubuntu 20.04 LTS USN-5866-1 Critical: Nova Denial Of Service

ubuntu
Calendar Grey February 13, 2023
Dist Ubuntu Esm H88
Several vulnerabilities resolved in Ubuntu for Nova with critical patches for impacted versions.
Several security issues were fixed in Nova.

Summary

Several security issues were fixed in Nova.

Software Description:

- nova: OpenStack Compute cloud infrastructure

Details:

It was discovered that Nova did not properly manage data logged into the

log file. An attacker with read access to the service's logs could exploit

this issue and may obtain sensitive information. This issue only affected

Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2015-9543)

It was discovered that Nova did not properly handle attaching and

reattaching the encrypted volume. An attacker could possibly use this issue

to perform a denial of service attack. This issue only affected Ubuntu

16.04 ESM. (CVE-2017-18191)

It was discovered that Nova did not properly handle the updation of domain

XML after live migration. An attacker could possibly use this issue to

corrupt the volume or perform a denial of service attack. This issue only

affected Ubuntu 18.04 LTS. (CVE-2020-17376)

It was discovered that Nova was not properly validating the URL passed to

noVNC. An at...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  nova-common                     2:21.2.4-0ubuntu2.2
  python3-nova                    2:21.2.4-0ubuntu2.2

Ubuntu 18.04 LTS:
  nova-common                     2:17.0.13-0ubuntu5.3
  python-nova                     2:17.0.13-0ubuntu5.3

Ubuntu 16.04 ESM:
  nova-common                     2:13.1.4-0ubuntu4.5+esm1
  python-nova                     2:13.1.4-0ubuntu4.5+esm1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5866-1

CVE-2015-9543, CVE-2017-18191, CVE-2020-17376, CVE-2021-3654,

CVE-2022-37394

Severity
critical
Lowest
Low
Medium
High
Critical

February 13, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.